Aligned admin permission check restriction ignore

This commit is contained in:
Dan Brown 2023-01-13 22:19:29 +00:00
parent a825f27930
commit 93ba572369
No known key found for this signature in database
GPG key ID: 46D9F943C24A2EF9

View file

@ -161,12 +161,6 @@ class PermissionApplicator
*/ */
public function restrictEntityQuery(Builder $query, string $morphClass): Builder public function restrictEntityQuery(Builder $query, string $morphClass): Builder
{ {
// TODO - Leave this as the new admin workaround?
// Or auto generate collapsed role permissions for admins?
if (\user()->hasSystemRole('admin')) {
return $query;
}
$this->applyPermissionsToQuery($query, $query->getModel()->getTable(), $morphClass, 'id', ''); $this->applyPermissionsToQuery($query, $query->getModel()->getTable(), $morphClass, 'id', '');
return $query; return $query;
@ -174,14 +168,17 @@ class PermissionApplicator
/** /**
* @param Builder|QueryBuilder $query * @param Builder|QueryBuilder $query
* @return void
*/ */
protected function applyPermissionsToQuery($query, string $queryTable, string $entityTypeLimiter, string $entityIdColumn, string $entityTypeColumn) protected function applyPermissionsToQuery($query, string $queryTable, string $entityTypeLimiter, string $entityIdColumn, string $entityTypeColumn): void
{ {
if ($this->currentUser()->hasSystemRole('admin')) {
return;
}
$this->applyFallbackJoin($query, $queryTable, $entityTypeLimiter, $entityIdColumn, $entityTypeColumn); $this->applyFallbackJoin($query, $queryTable, $entityTypeLimiter, $entityIdColumn, $entityTypeColumn);
$this->applyRoleJoin($query, $queryTable, $entityTypeLimiter, $entityIdColumn, $entityTypeColumn); $this->applyRoleJoin($query, $queryTable, $entityTypeLimiter, $entityIdColumn, $entityTypeColumn);
$this->applyUserJoin($query, $queryTable, $entityTypeLimiter, $entityIdColumn, $entityTypeColumn); $this->applyUserJoin($query, $queryTable, $entityTypeLimiter, $entityIdColumn, $entityTypeColumn);
$this->applyPermissionWhereFilter($query, $queryTable, $entityTypeLimiter, $entityTypeColumn); $this->applyPermissionWhereFilter($query, $entityTypeLimiter, $entityTypeColumn);
} }
/** /**
@ -319,7 +316,6 @@ class PermissionApplicator
*/ */
public function restrictEntityRelationQuery($query, string $tableName, string $entityIdColumn, string $entityTypeColumn) public function restrictEntityRelationQuery($query, string $tableName, string $entityIdColumn, string $entityTypeColumn)
{ {
// TODO - Apply admin allow all as per above query thing
$this->applyPermissionsToQuery($query, $tableName, '', $entityIdColumn, $entityTypeColumn); $this->applyPermissionsToQuery($query, $tableName, '', $entityIdColumn, $entityTypeColumn);
// TODO - Test page draft access (Might allow drafts which should not be seen) // TODO - Test page draft access (Might allow drafts which should not be seen)
@ -337,7 +333,6 @@ class PermissionApplicator
$morphClass = (new Page())->getMorphClass(); $morphClass = (new Page())->getMorphClass();
$this->applyPermissionsToQuery($query, $tableName, $morphClass, $pageIdColumn, ''); $this->applyPermissionsToQuery($query, $tableName, $morphClass, $pageIdColumn, '');
// TODO - Admin workaround as above
// TODO - Draft display // TODO - Draft display
return $query; return $query;
} }